DieHard

DieHard protects applications from as-yet unfixed bugs and from the security vulnerabilities those bugs create. Think of DieHard as a new line of defense against hackers, together with anti-virus protection and firewalls.


More Information

DieHard eliminates, or greatly reduces the likelihood of, a class of bugs and security vulnerabilities called memory errors. It prevents certain kinds of errors from happening at all, and it reduces the probability that a bug will have any effect. DieHard works by randomly locating program objects far apart from each other in memory. This scattering of objects not only makes some errors unlikely to happen, it also makes it virtually impossible for a hacker to know where vulnerable parts of the program's data are. This thwarts a wide class of exploits.

Technical Details

DieHard prevents invalid and multiple frees and heap corruption, and probabilistically avoids buffer overflows, dangling pointer errors, and uninitialized reads. This sample program illustrates a wide range of errors that DieHard prevents. For more details, see the following (technical) paper:

DieHard helps buggy programs run correctly and protects them from a range of security vulnerabilities.

DieHard works in two modes: standalone and replicated. The standalone version replaces the memory manager with the DieHard randomized memory manager. This randomization increases the odds that buffer overflows will have no effect, and reduces the risk of dangling pointers. The replicated version provides greater protection against errors by running several instances of the application simultaneously and voting on their output. Because each replica is randomized differently, each replica will likely have a different output if it has an error, and some replicas are likely to run correctly despite the error.
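The effect of randomized placement on overflows can be seen in a small simulation, added here as an illustration (it is not DieHard's allocator or code from the paper). It models the heap as fixed-size slots and measures how often a one-slot overflow lands on free space under packed versus uniformly random placement; the slot count, occupancy and function names are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 4096  /* object slots in the simulated heap (assumed size) */

/* xorshift32 with a fixed seed, so every run is reproducible. */
static uint32_t rng_state = 2463534242u;
static uint32_t next_rand(void) {
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return rng_state;
}

/* Mark `live` slots as allocated: packed from slot 0, or at random free slots. */
static void place(unsigned char *heap, int live, int randomized) {
    memset(heap, 0, SLOTS);
    for (int i = 0; i < live; i++) {
        uint32_t s = (uint32_t)i;
        if (randomized)
            do { s = next_rand() % SLOTS; } while (heap[s]);
        heap[s] = 1;
    }
}

/* Fraction of live objects whose one-slot overflow lands in a free slot,
   i.e. corrupts no other live object. */
double harmless_overflow_rate(int live, int randomized, int trials) {
    static unsigned char heap[SLOTS];
    long harmless = 0, total = 0;
    for (int t = 0; t < trials; t++) {
        place(heap, live, randomized);
        for (int s = 0; s + 1 < SLOTS; s++) {
            if (!heap[s]) continue;
            total++;
            harmless += !heap[s + 1];
        }
    }
    return total ? (double)harmless / (double)total : 0.0;
}

int main(void) {
    /* Constructed workload: 1024 live objects in a 4096-slot heap. */
    printf("packed:     %.3f\n", harmless_overflow_rate(1024, 0, 200));
    printf("randomized: %.3f\n", harmless_overflow_rate(1024, 1, 200));
    return 0;
}
```

With the heap one-quarter full, roughly three in four overflows hit free space under random placement, while packed placement corrupts a neighbor almost every time; the harmless fraction tracks the share of the heap left empty.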

The standalone version works for Linux, Solaris, and Windows, while the replicated version currently only supports Linux or Solaris console applications.

This work is supported in part by the National Science Foundation, Intel Corporation, and Microsoft Research. This material is based upon work supported by the National Science Foundation under Grant No CNS-0615211. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation (NSF).
